|
2931
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: ftgmac100: fix ring allocation unwind on open failure
ftgmac100_alloc_rings() allocates rx_skbs, tx_skbs, rxdes, txdes, and
…
|
NVD-CWE-noinfo
|
CVE-2026-31737
|
2026-05-8 03:55 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2932
|
7.5 |
HIGH
Network
|
-
|
-
|
Regex Denial of Service in youtube-regex npm package through version 1.0.5.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2025-65122
|
2026-05-8 03:50 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2933
|
6.8 |
MEDIUM
Physics
|
-
|
-
|
Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.
|
CWE-1263
Improper Physical Access Control
|
CVE-2025-4386
|
2026-05-8 03:46 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2934
|
6.8 |
MEDIUM
Physics
|
-
|
-
|
Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data.
|
CWE-313
Cleartext Storage in a File or on Disk
|
CVE-2025-4397
|
2026-05-8 03:46 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2935
|
8.8 |
HIGH
Network
|
-
|
-
|
An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access.
|
CWE-284
Improper Access Control
|
CVE-2026-5786
|
2026-05-8 03:46 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2936
|
8.9 |
HIGH
Network
|
-
|
-
|
An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-5787
|
2026-05-8 03:46 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2937
|
7.0 |
HIGH
Network
|
-
|
-
|
An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods.
|
CWE-284
Improper Access Control
|
CVE-2026-5788
|
2026-05-8 03:46 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2938
|
7.2 |
HIGH
Network
|
-
|
-
|
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.
|
CWE-20
Improper Input Validation
|
CVE-2026-6973
|
2026-05-8 03:46 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2939
|
7.4 |
HIGH
Network
|
-
|
-
|
Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-7821
|
2026-05-8 03:46 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2940
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Cross-Site Scripting (XSS) vulnerability exists in Webkul Krayin CRM v2.1.5. The application fails to sanitize user-supplied input in the comment field during Activity creation on the /admin/activiti…
|
CWE-79
Cross-site Scripting
|
CVE-2026-36341
|
2026-05-8 03:45 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
